Integration Server as an External Authorization Server
Access tokens generated by Integration Server’s authorization server can be used to access resources in other vendors' servers. That is, an Integration Server authorization server can respond to a requests for access token introspection from a resource server that is not an Integration Server. This is part of Integration Server support for RFC 7662, OAuth 2.0 Token Introspection.
The pub.oauth* services provide clients with services for interacting with an Integration Server used as an OAuth 2.0 authorization server, including services for requesting a token, determining whether a token is still active, refreshing an access token, and revoking an access token. The introspection endpoint for the Integration Server authorization server is the following URL:
https://host:port/invoke/pub.oauth/introspectToken
This invokes the pub.oauth:introspectToken service on the Integration Server authorization server located at host:ports.
For more information about built-in services for OAuth see, webMethods Integration Server Built-In Services Reference .